spec/requests/external_redirect/external_redirect_controller_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe "ExternalRedirect::ExternalRedirectController requests", feature_category: :navigation do
  let_it_be(:external_url) { 'https://google.com' }
  let_it_be(:external_url_encoded) do
    Addressable::URI.encode_component(external_url, Addressable::URI::CharacterClasses::QUERY)
  end

  let_it_be(:internal_url) { "#{Gitlab.config.gitlab.url}/foo/bar" }
  let_it_be(:internal_url_encoded) do
    Addressable::URI.encode_component(internal_url, Addressable::URI::CharacterClasses::QUERY)
  end

  let_it_be(:top_nav_partial) { 'layouts/header/_default' }

  context "with valid url param" do
    before do
      get "/-/external_redirect?url=#{external_url_encoded}"
    end

    it "returns 200 and renders URL" do
      expect(response).to have_gitlab_http_status(:ok)
      expect(response.body).to have_link(text: 'Proceed', href: external_url)
    end

    it "does not render nav" do
      expect(response).not_to render_template(top_nav_partial)
    end
  end

  context "with same origin url" do
    before do
      get "/-/external_redirect?url=#{internal_url_encoded}"
    end

    it "redirects" do
      expect(response).to redirect_to(internal_url)
    end
  end

  describe "with invalid url params" do
    where(:case_name, :params) do
      [
        ["when url is bad", "url=javascript:alert(1)"],
        ["when url is empty", "url="],
        ["when url param is missing", ""]
      ]
    end

    with_them do
      it "returns 404" do
        get "/-/external_redirect?#{params}"

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end
end